Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 408
  • Last Modified:

Xcacls Problems : resetting home directories for individual users

I have previously asked a question similar to this when i was figuring out the actual syntax to use for the command.  Now i have done that and have seen the command working i have a further query;

The below command seems to work in the login script as a .CMD file when i am logged in as myslef (a domain admin) but when the script runs when a normal user logs in it returns with 'ERRROR The filename, directory name or volume label syntax is incorrect'

\\[servername]\xcacls.exe "\\[servername]\home\%username%" /T /E /C /G %username%:f /y
pause (just to see it step through)

Just wondering if any expert has any pearls of wisdom on this, before i resort to resetting all home directory access manually and individually.

ANy help would be much appreciated

Thanks
leon

0
leont
Asked:
leont
  • 6
  • 5
  • 2
  • +1
1 Solution
 
Richard QuadlingSenior Software DeverloperCommented:
Hi leont,


I think you can only grant rights if the USER running the script has the ability to play with rights.

You cannot (for example) give yourself superduper rights if you are guest.

When you are logging in, the "user" running the script is NOT the same user logging in. This is why you would use the login script to set the rights.

Regards,

Richard Quadling.
0
 
Azhrei1Commented:
can you access the username share on that server while logged in as the user?

http://technet2.microsoft.com/WindowsServer/en/Library/8ec308b8-9229-44bb-acad-707ec1b7f0a91033.mspx?mfr=true
0
 
leontAuthor Commented:
Thanks for the quick response, in response to Azhrei1's query, they cannot access thier own directories this is why i was looking to do it via login script (xcacls) otherwise i will have to go through every users home profile directory to reset the access right so only they have full control access to their own directories.  Rquadling, i had a feeling it would be something like that, looks like theres no quick way to do this then?

Leon
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Azhrei1Commented:
I will have to agree with Richard, Leon :(
0
 
Richard QuadlingSenior Software DeverloperCommented:
OOI. Why not jus leave it in the Login script?

If they don't login, they can't access their files!

If they do, the login script sets the rights and they can access their files.

I don't see any problem.
0
 
oBdACommented:
Since the user name and the folder name are identical, it's not too difficult to change those permissions at once.
Open a command prompt and enter a test command first (replacing the servername, obviously):
for /d %a in ("\\[servername]\home\*.*") do @ECHO @xcacls "%a" /T /E /C /G %Userdomain%\%~nxa:f /y
If this generates the correct output, remove the @echo above:
for /d %a in ("\\[servername]\home\*.*") do @xcacls "%a" /T /E /C /G %Userdomain%\%~nxa:f /y

If you prefer to put this into a batch script, replace the "%a" by "%%a" (the ECHO for the test mode is still there):

@echo off
for /d %%a in ("\\[servername]\home\*.*") do ECHO xcacls "%%a" /T /E /C /G %Userdomain%\%%~nxa:f /y
0
 
leontAuthor Commented:
Hi RQuadling, Thats the root problem, all the home drives where migrated from one server to another and they lost their individual full control access rights and thats what i'm trying to restore when they logon so only the user logging in can access thier own home drive and no one elses, that script works if its a domain admin user logging in but doesn't when the normal user logs in

leon
0
 
Richard QuadlingSenior Software DeverloperCommented:
Aha!

Hmm.

I was just about to suggest oBdA's answer. As the usernames are the directory names, then a one shot of for /D will do the trick.
0
 
leontAuthor Commented:
i will have a look at that.

Thanks
0
 
leontAuthor Commented:
Hi everyone sorry for the delay in responding to close this question, wondering if someone could advise, as while i agree some of the suggestions may work in certain circumstances, i have eventually reverted to way i was originally going to do it so don't know who to assign the points to.  I was going to split the points between RQuading and oBdA, if anyone has any problems with this please let me know.

Thanks
Leon
0
 
Richard QuadlingSenior Software DeverloperCommented:
What way did you use?
0
 
Richard QuadlingSenior Software DeverloperCommented:
I have to say that oBdA's answer is right on the button for a one off fix.
0
 
leontAuthor Commented:
Thanks RQuading, i'll give oBdA the points then if thats ok.  In answer to your first question i took the cowards wayout of this one and reset all the home drive directories to a path that didn't exist i.e.

\\[servername]\homes\%username% (where homes doesn't exist) then went into each individual AD settings and changed it to;
\\[servername]\home\%username% and when the re-mapping is applied it resets the access for the user.

Long winded I know, good job i've only got around 400 users!!

thanks everyone.  I will look into the oBdA gave for future use but not that use to scripting, so i'll look through and figure out what that script actually does for myself.

again many thanks.

Leon
0
 
oBdACommented:
Have a look here, nice resources for batch scripting: http://www.robvanderwoude.com/
0
 
leontAuthor Commented:
Many thanks oBdA

Leon
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 6
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now